package cn.kgc.jdbc.demo;

import cn.kgc.jdbc.entity.User;
import cn.kgc.jdbc.utils.JDBCUtil;

import java.sql.*;
import java.util.Scanner;

/**
 * @author: mosin
 * @version: v1.0  2022/4/19
 *
 * PreparedStatement
 *  1.如何解决SQL注入
 *  2.提高sql语句的使用率  预编译sql
 */
public class JDBCDemo01 {

    public static void main(String[] args) {
            test03();
    }

    public static void test01(){
        Connection connection = null;
        PreparedStatement pstmt = null;
        ResultSet resultSet = null;
        try {
            Class.forName("com.mysql.jdbc.Driver");
            String url = "jdbc:mysql://localhost:3306/java2215?useSSL=false&characterEncoding=utf8&serverTimezone=UTC";
            String user = "root";
            String password = "root";
            connection = DriverManager.getConnection(url, user, password);

            //获取操作数据库的对象   预先传递sql语句 -> sql语句预编译  -> 提高sql语句的使用效率
            String sql = "select *  from usr where uname = ? and pwd = ? ";
             pstmt = connection.prepareStatement(sql);
            //pstmt  在查询之前 需要设置查询的参数
            pstmt.setString(1, "tom");
            pstmt.setString(2, "888888");
            //执行sql
            resultSet = pstmt.executeQuery();
            User usr = null;
            //处理结果集
            while (resultSet.next()){
                int id = resultSet.getInt("id");
                String uname = resultSet.getString("uname");
                String pwd = resultSet.getString("pwd");

                usr = new User(id,uname,pwd);

            }

            if(usr!=null){
                System.out.println("登录成功");
            }else{
                System.out.println("登录失败");
            }

        } catch (Exception e) {
            e.printStackTrace();
        }finally {



            try {
                if(resultSet!=null){
                    resultSet.close();
                }

            } catch (SQLException throwables) {
                throwables.printStackTrace();
            }

            try {
                if(pstmt!=null){
                    pstmt.close();
                }

            } catch (SQLException throwables) {
                throwables.printStackTrace();
            }


            try {
                if(connection!=null){
                    connection.close();
                }
            } catch (SQLException throwables) {
                throwables.printStackTrace();
            }

        }

    }

    public static void test02(){
        Connection connection = null;
        PreparedStatement pstmt = null;
        ResultSet resultSet = null;
        try {
            // 通过工具类获取连接
            connection = JDBCUtil.getConnection();
            //获取操作数据库的对象   预先传递sql语句 -> sql语句预编译  -> 提高sql语句的使用效率
            String sql = "select *  from usr where uname = ? and pwd = ? ";
            //select *  from usr where uname = (tom) and pwd = (2222'or'1=1)
            pstmt = connection.prepareStatement(sql);

            Scanner scanner = new Scanner(System.in);
            System.out.println("请输入用户名");
            String username = scanner.nextLine();
            System.out.println("请输入密码");
            String passwd = scanner.nextLine();

            //pstmt  在查询之前 需要设置查询的参数
            pstmt.setString(1, username);
            pstmt.setString(2, passwd);
            //执行sql
            resultSet = pstmt.executeQuery();
            User usr = null;
            //处理结果集
            while (resultSet.next()){
                int id = resultSet.getInt("id");
                String uname = resultSet.getString("uname");
                String pwd = resultSet.getString("pwd");
                usr = new User(id,uname,pwd);

            }
            if(usr!=null){
                System.out.println("登录成功");
            }else{
                System.out.println("登录失败");
            }

        } catch (Exception e) {
            e.printStackTrace();
        }finally { //释放资源
            JDBCUtil.closeAll(resultSet, pstmt, connection);
        }
    }

    public static void test03(){
        //插入一条数据到 usr表
        //获取连接
        Connection connection = JDBCUtil.getConnection();
        PreparedStatement pstmt = null;
        String sql = "insert into usr(uname,pwd)values(?,?)";
        try {
            pstmt = connection.prepareStatement(sql);
            //设置参数
            pstmt.setString(1, "gg");
            pstmt.setString(2, "1234");
            //执行sql
            int line= pstmt.executeUpdate();
            System.out.println(line>0?"插入成功":"插入失败");
        } catch (SQLException throwables) {
            throwables.printStackTrace();
        }finally {
            JDBCUtil.closeAll(null, pstmt, connection);
        }

    }


    public static void test04() {  //更新一条数据

        Connection connection = JDBCUtil.getConnection();
        PreparedStatement pstmt = null;
        String sql = "update usr set pwd = ? where id = ?";
        try {
            pstmt = connection.prepareStatement(sql);
            pstmt.setString(1, "123456");
            pstmt.setInt(2, 14);
            int line = pstmt.executeUpdate();
            System.out.println(line>0?"更新成功":"更新失败");
        } catch (SQLException throwables) {
            throwables.printStackTrace();
        }finally {
            JDBCUtil.closeAll(null, pstmt, connection);
        }
    }


    public static void test05() {  //删除一条数据
        Connection connection = JDBCUtil.getConnection();
        PreparedStatement pstmt = null;
        String sql = "delete from usr where id = ?";
        try {
            pstmt = connection.prepareStatement(sql);
            pstmt.setInt(1, 18);
            int line = pstmt.executeUpdate();
            System.out.println(line>0?"删除成功":"删除失败");
        } catch (SQLException throwables) {
            throwables.printStackTrace();
        }finally {
            JDBCUtil.closeAll(null, pstmt, connection);
        }
    }
}
